Android Obfuscation & Protection

Android Application Protection with DashO

It is common knowledge that an Android application is very easy to reverse engineer and/or inspect with freely available tools. Unless an application's binary code is obfuscated, hardened and tamper-proofed, it is vulnerable to:

IP Theft: Proprietary business logic can be viewed and/or stolen.

Piracy: License checking mechanisms can be removed.

Credential Bypass: Security and authentication checks may be circumvented.

Fraud: Tampering with in-app payments or collection of login credentials.

Obfuscating, hardening and tamper-proofing your apps makes them more difficult for people and machines to exploit, while fitting easily into your secure software development lifecycle.

It is important to safeguard valuable apps that are vulnerable to attacks when they are deployed in untrusted mobile environments. But don't take our word for it...

Android “highly recommends” using an obfuscator on all code and emphasizes this in a number of specific areas such as: “At a minimum, we recommend that you run an obfuscation tool” when developing billing logic.

Microsoft also recommends that Android and iOS apps built with Xamarin be obfuscated and protected, and offers a “community edition” obfuscator (our own Dotfuscator CE) as part of Visual Studio.

Some of the Ways DashO Protects Your Apps

Renaming alters the names of methods, variables, etc., making source code more difficult to understand.

Control flow introduces false conditional statements and other misleading constructs in order to confuse and break decompilers.

String encryption allows you to encrypt strings in sensitive parts of your application.

Watermarking helps track unauthorized copies of your software back to the source by embedding data such as copyright information or unique identification numbers into an application.

Optimization with pruning statically analyzes your code to find the unused types, methods, and fields and removes them, making your application smaller and faster.

Tamper Detection and Defense allows you to prohibit or modify the behavior of a tampered app.

Root Detection and Defense allows you to control whether an app can run on a rooted device and how it will respond.

Method Call Removal allows you to remove Android logging calls from your application, in order to prevent it from leaking potentially sensitive information.

Shelf Life allows you to inject application inventory management into your app.